//package com.shycloud.mido.common.security.service;
//
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.beans.factory.annotation.Value;
//import org.springframework.context.annotation.Primary;
//import org.springframework.http.HttpEntity;
//import org.springframework.http.HttpHeaders;
//import org.springframework.http.HttpMethod;
//import org.springframework.http.MediaType;
//import org.springframework.security.core.AuthenticationException;
//import org.springframework.security.crypto.codec.Base64;
//import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
//import org.springframework.security.oauth2.provider.OAuth2Authentication;
//import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
//import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
//import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
//import org.springframework.stereotype.Component;
//import org.springframework.util.LinkedMultiValueMap;
//import org.springframework.util.MultiValueMap;
//import org.springframework.web.client.RestOperations;
//
//import java.io.UnsupportedEncodingException;
//import java.util.Map;
//
///**
// * @author Xiaoxing Yu
// * @date 2020/7/21
// **/
//@Component
//@Primary
//public class RemoteTokenService extends RemoteTokenServices {
//
//	@Autowired
//	private RestOperations restTemplate;
//
//	private String checkTokenEndpointUrl = "http://shycloud-auth/oauth/check_token";
//
//	private String tokenName = "token";
//
//	private String clientId = "shycloud";
//
//	private String clientSecret = "shycloud";
//
//	private AccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
//
//	@Override
//	public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException, InvalidTokenException {
//
//		MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
//		formData.add(tokenName, accessToken);
//		HttpHeaders headers = new HttpHeaders();
//		headers.set("Authorization", getAuthorizationHeader(clientId, clientSecret));
//		Map<String, Object> map = postForMap(checkTokenEndpointUrl, formData, headers);
//
//		if (map.containsKey("error")) {
//			if (logger.isDebugEnabled()) {
//				logger.debug("check_token returned error: " + map.get("error"));
//			}
//			throw new InvalidTokenException(accessToken);
//		}
//
//		boolean activeVal = false;
//		if (map.get("active") instanceof String) {
//			activeVal = Boolean.valueOf((String)map.get("active"));
//		} else if (map.get("active") instanceof Boolean) {
//			activeVal =(boolean)map.get("active");
//		}
//
//		// gh-838
//		if (!Boolean.TRUE.equals(activeVal)) {
//			logger.debug("check_token returned active attribute: " + map.get("active"));
//			throw new InvalidTokenException("权限不足，请重新尝试登陆");
//		}
//
//		return tokenConverter.extractAuthentication(map);
//	}
//
//	private String getAuthorizationHeader(String clientId, String clientSecret) {
//
//		if(clientId == null || clientSecret == null) {
//			logger.warn("Null Client ID or Client Secret detected. Endpoint that requires authentication will reject request with 401 error.");
//		}
//
//		String creds = String.format("%s:%s", clientId, clientSecret);
//		try {
//			return "Basic " + new String(Base64.encode(creds.getBytes("UTF-8")));
//		}
//		catch (UnsupportedEncodingException e) {
//			throw new IllegalStateException("Could not convert String");
//		}
//	}
//
//	private Map<String, Object> postForMap(String path, MultiValueMap<String, String> formData, HttpHeaders headers) {
//		if (headers.getContentType() == null) {
//			headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
//		}
//		@SuppressWarnings("rawtypes")
//		Map map = restTemplate.exchange(path, HttpMethod.POST,
//				new HttpEntity<MultiValueMap<String, String>>(formData, headers), Map.class).getBody();
//		@SuppressWarnings("unchecked")
//		Map<String, Object> result = map;
//		return result;
//	}
//
//}
